Archive for October, 2013

Google facing European sanctions over data protection

October 29th, 2013

Google is facing possible European sanctions over its privacy policy after French data protection regulators said the search firm has not complied with its requests. An EU investigation into Google’s data handling has been underway since March 2012, after Google introduced a new privacy policy and started combining data from across its websites to better target advertising, which regulators see as “high-risk” to users’ privacy.

The investigation has been led by French watchdog CNIL, which today said Google had failed to meet a deadline to comply with France’s data protection law. The regulator now intends to proceed with “initiating a formal procedure for imposing sanctions”.

“On 20 June 2013, the CNIL’s chair had ordered Google to comply with the French data protection law within three months. On the last day of this period, Google responded to the CNIL. Google contests the reasoning of the CNIL and has not complied with the requests laid down in the enforcement notice,” said a statement from CNIL.

The regulator stipulated a number of areas where it required Google to demonstrate compliance with data protection laws:

  • Define specified and explicit purposes for its policy
  • Inform users about the purposes of the processing implemented
  • Define retention periods for personal data processed
  • Not proceed, without legal basis, with the potentially unlimited combination of users’ data
  • Fairly collect and process passive users’ data
  • Inform users and then obtain their consent before dropping cookies

Google has maintained all along that its privacy practices respect European laws.

Microsoft pays out $128K to security bug hunters

October 19th, 2013

Microsoft has paid out more than $128,000 to security researchers since first offering bug bounties just over three months ago. In June, Microsoft announced three security bounty programmes to help improve the resilience of its products through responsible disclosure of flaws that hackers could exploit. Several big software companies, including Google, Paypal and Facebook, have established bug bounty programmes, but Microsoft had stopped short of offering similar cash rewards before.

The bulk of the rewards paid so far are for a mitigation bypass technique and 15 exploitable vulnerabilities reported in the preview version of its latest version of Microsoft’s web browser, Internet Explorer (IE11), which is scheduled to ship with Windows 8.1 on 18 October 2013.

Under the Mitigation Bypass Bounty programme, Microsoft will pay up to $100,000 for “truly novel” exploitation techniques against protections built into Windows 8.

And the BlueHat Bonus for Defense programme offers up to $50,000 for defensive ideas that block a mitigation bypass technique.

Announcing the bug bounty programmes, Microsoft said they would provide another way for the company to harness the collective intelligence and capabilities of security researchers.

Microsoft to build $250m data centre in Finland for European customers

October 7th, 2013

Microsoft is to design and build its next data centre in Finland. The new facility, costing over $250m (£161m), will be used to serve Microsoft customers in Europe. The company revealed it had chosen Finland as the home for its next data centre on the same day as it announced plans to acquire ailing Finnish telecommunications company Nokia in a $7.2bn deal.

Microsoft announced that it plans to invest more than a quarter of a billion dollars in capital and operation of the Finland data centre over the next few years, with the potential for further expansion over time.

Helsinki is a growing data centre hub and offers easy access to Russia and the Baltic countries. However, it is not yet clear if Microsoft will use the Finnish data centre to provide its Windows Azure cloud services to enterprise customers in Europe.

Microsoft already has other European data centre facilities – in Ireland and The Netherlands.